State Management :: The Random String Is Being Injected Into Every URL On Our Sites?
Nov 8, 2010
I work on an ASP.Net 4 project that uses forms authentication.The majority of our users login without any trouble, however, something strange is happening with a small number of users and I think we've narrowed it done to the User Agent string.Most users when logged in will see a fairly standard looking URL, e.g. http://mywebsite.co.uk/Web/Pages/Default.aspx, the "web" folder is the root of the site.
Some users when logged in are producing URLs such as
http://mywebsite.co.uk/Web/(F(wjNTtmLFYK3PyAUD09idKtZcyRPlf3Mlc6_rJMMwd1r0EvxeL1ROKYoTbd6KQWJNJHebiCs8qN4laZAItib4ZmcfMy75KhGlBrMCjY-47phUNQiJ_Q0-E3ntvf8tscjxfD5A0lVXau-UxDvN6gTgW1TkwhA1))/Pages/Default.aspx. I can only assume the garbage characters are some sort of session identifier string.
These obscure, long URLs work fine for some pages, but a lot of pages (including our home page) use the LoadControl(path) method to dynamic load content, or have hyperlinks to static files on the server (e.g. PDFs). In these scenarios the users with the long URLs crash the application as obviously the files it's looking for don't exist because the paths have been obscured with garbage characters.
We can reproduce this error by using masking the User Agent in Firefox to emulate the Googlebot, and sometimes the iPhone. Is there a particular reason why some user agents will produce this behaviour? Can anyone shed any light at all on why the random string is being injected into every URL on our sites?
/Web/(F(wjNTtmLFYK3PyAUD09idKtZcyRPlf3Mlc6_rJMMwd1r0EvxeL1ROKYoTbd6KQWJNJHebiCs8qN4laZAItib4ZmcfMy75KhGlBrMCjY-47phUNQiJ_Q0-E3ntvf8tscjxfD5A0lVXau-UxDvN6gTgW1TkwhA1))/FDCrew/Airlines/DHL/HomeFooterPanel.ascx
View 5 Replies
Similar Messages:
Feb 3, 2011
After doing some research, I found that <sessionState> can be hosted in SQL Server allowing applications to read from the same source. Essentially my app has two sides: a WCF library and an ASP.NET MVC 3 web site, the WCF has authentication and other DB IO methods and the MVC does the display. Now, the MVC stores a value in the session and then the WCF reads it and creates another for the MVC to read later. Problem is, neither can read each others session data, they can write to the same repository but can't share.
How do I go about them sharing the same information? How can I tell <sessionState> that the session started on the MVC side is the same as the WCF side and viceversa? I've tried
View 6 Replies
Apr 20, 2010
i have 2 different sites under different subdomains.
www.company.com
and e-order.company.com
i want to have SSO so i have tried to make a global cookie.
my question is :does the global cookie keeps the session variables when i am going from one site to another?
if not how can i pass a session variable for ex. session("userName") from one site to the other on redirect?
View 4 Replies
Nov 19, 2010
How do I create random value cookie for each Page Request in ASP.Net CS file.
Random value cookie should have server path.
View 4 Replies
Dec 24, 2010
I m facing some problem. i m not passing Dynamic string through query string..
I m using this code
string abc = "CPCB_" + TextBox1.Text + "_" + TextBox2.Text;
Response.Write("<script>window.open('xml.aspx?Flag=3&date='+abc,target='new');</script>");
View 2 Replies
Dec 15, 2010
I create a table as picture below :
when I insert any character to column Name then A new string random will auto insert into column Random (picture below) I had used Trigger but It was error !
I want to column Random use to code :
DECLARE @myid uniqueidentifier
SET @myid = NEWID()
insert into table_1 values(@myid, substring(CONVERT(varchar(255), @myid), 1, 5))
but It must auto like column Number (column Number is Identity)
View 1 Replies
Aug 17, 2010
I want to pass a value like default.aspx?product = jhonson&jhonson & id = 1what is solution for it.
View 8 Replies
Aug 24, 2010
how do i add a new parameter to an existing query string?
[URL]
now i need to add a new parameter say, showsearch.
View 1 Replies
May 15, 2010
My application is very big one. I m getting this error. I dont know where it is throwing.
I m unable to find this error. Can anyone help me and tell me the scenarios when will this exception comes.
The Stack Trace is throwing this message
System.Convert.FromBase64String(String s) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter
formatter, String serializedState) at System.Web.UI.HiddenFieldPageStatePersister.Load()
View 30 Replies
Feb 7, 2011
Is it possible to assign the connection string in session variable and is it the good way to declare in session.
provide the sytax for accessing connection string from session variable
View 7 Replies
Aug 30, 2010
Example scenario:
User login has a list of associated 'accounts' it has access to... this list of accounts is stored in a database table, say tblAccountAccessControl, something like:
login, accountID
userA, account123
userA, account456
userA, account798
userB, accountABC
userB, accountDEF
etc..
This info is used throughout the web application and determines the 'domain' of information the particular login has access to. For example there are many other tables that have the 'accountID' field and whenever a page pulls data from the table it only pulls data that the currently logged in user should be allowed to see, based on that tblAccountAccessControl data.
The security question:
Do I need to query the database every time I need to get this list of allowed accountID's? I was about to use a plain old query string to pass a particular accountID to another page but quickly caught myself as I realized that would be a major security flaw (the receiving page was going to use that accountID to grab info from the database, and there would be nothing preventing a user from simply typing in a url manually to get data from an accountID they are not supposed to be allowed to view). So I then thought I'll just store the list of accountID's in a session state variable so they will be carried with the user throughout the session.
But then I remembered there are tools out there that allow you to easily intercept and modify asp.net viewstate information and I'm not sure if that would included session state variables, but I'm guessing they would. Is there a way to create a secure query string? If I used session state would that session state information be exposed and modifyable by utilities out there? Am I just stuck having to query the database every time I need this info to assure security? What about encrypting it and then storing in session state variable (just thought of that one)?
View 5 Replies
Feb 5, 2011
developing a photogallery using datalist and custom numeric pagination.
I have assigned the CurrentPage Index of the PagedDataSource object by requesting "pid" value from QueryString .
On the pageload i hit the database once and store the filenames in ViewState but..
But the ViewState becomes null when the page is posted back with new query string value.
View 2 Replies
Dec 20, 2010
I created three web pages: Page1, Page2, Page3. In Page1, two variables(Var1, Var2) were stored by subkeys(Key1, Key2) in a single cookie. After storing, Page1 was redirected to Page2 by Server.Transfer() as the following code:
Response.Cookies("MyCookie")("Key1") = Var1
Response.Cookies("MyCookie")("Key2") = Var2
Server.Transfer("Page2.aspx")
Similarly, I use subkeys(Key3 ~ Key5) to store three variables(Var3 ~ Var5) in Page2 and then redirect to Page3 as the following code:
Response.Cookies("MyCookie")("Key3") = Var3
Response.Cookies("MyCookie")("Key4") = Var4
Response.Cookies("MyCookie")("Key5") = Var5
Server.Transfer("Page3.aspx")
If Cookies("MyCookie") isn't rewritten by other code, it should return Var1 ~ Var5 respectively to execute Request.Cookies("MyCookie")("Key1") ~ Request.Cookies("MyCookie")("Key5") in Page3. However... Strange things happened, Var1 and Var2 were not returned, but empty string are returned instead.
View 10 Replies
Feb 16, 2011
I have a query string which contains the value of more than one Array, I want to pass these values from Page 1 to Page 2 and then distribute the array values into new arrays on Page 2.
Here is what I have so far.
Page 1
[Code]....
[Code]....
Page 2
[Code]....
All that I get returned in EFFinal and IFFinal is System.String?
View 5 Replies
Jan 1, 2011
Parser Error
Description: An error occurred during the parsing of a resource required to service this request. review the following specific parse error details and modify your source file appropriately.
Parser Error Message: Server tags cannot contain <% ... %> constructs.
Source Error:
[Code]....
Source File: /Dec-12/myprofile.aspx Line: 101
View 3 Replies
Nov 18, 2010
I need to keep a global variable throughout the whole time the user is at my site, but do I use Application or a static class? The string variable should store a region name and my site makes a few changes depending on which region that has been set.
I read that Application was mainly for classic ASP, but I also read that a static class cannot be instantiated at runtime (e.g. when the user has logged in).
So, have I got something wrong here and which solution do I use?
View 2 Replies
Sep 3, 2010
I only made 1 other dynamic page before, without users. I do remember I setup a read-only user to the database and that was the user used in the connection string, simple.
In managing multiple users, does asp.net's membership & roles automatically switch up the databases connection string upon login? Do you setup hypothetical "groups" of user access permissions in your database (mysql) then associate that user to that group in membership & roles?
I'm just looking for a general idea of what to expect before I start reading.
View 2 Replies
May 2, 2010
I've build a random string generator but I'm having a problem whereby if I call the function multiple times say in a Page_Load method, the function returns the same string twice.here's the code
Public Class CustomStrings
''' <summary>'
''' Generates a Random String'
''' </summary>'
''' <param name="n">number of characters the method should generate</param>'
''' <param name="UseSpecial">should the method include special characters? IE: # ,$, !, etc.</param>'
''' <param name="SpecialOnly">should the method include only the special characters and excludes alpha numeric</param>'
''' <returns>a random string n characters long</returns>'
Public Function GenerateRandom(ByVal n As Integer, Optional ByVal UseSpecial As Boolean = True, Optional ByVal SpecialOnly As Boolean = False) As String.............
View 4 Replies
Feb 11, 2011
I have this code that loop through table controls how do stick the seleted information into a session variable. Then i have to pass it into another page table control.example code
[Code]....
View 7 Replies
Jan 17, 2011
I would like to know if the way i'm dealing with session variables is the right way, and also how to fix this error i'm getting:
FormatException: Input string was not in a correct format.
View 4 Replies
Feb 25, 2011
when we go for client and server side state management in asp.net
View 2 Replies
Aug 6, 2010
ASP.Net 2005
I am a new bie to work with ASP.net. I want to create an application /site in asp.net which work like content management system. As we see many sites are now a days being build on JOOMLA. How can we create such a CMS (content management system) sites using ASP.NET.
View 1 Replies
Apr 1, 2010
bCookie["System"] = ddlSystemsMain.SelectedIndex.ToString();
bCookie.Expires = DateTime.Now.AddYears(2);
Response.Cookies.Add(bCookie);
Response.Cookies["System"].Expires = bCookie.Expires;
////////////// later code ////////////////////////////
if (Request.Cookies["System"] != null)
{
ddlSystemsMain.SelectedIndex = int.Parse(Request.Cookies["System"].Value);
}
The error message was on the last line - "input string was not int the correct format".
View 1 Replies
Aug 9, 2010
In my Application_BeginRequest I have code that gets query string value ?c=FR or ?c=US and store it in cookies.Based on query string value I have either US or FR,locale is selected from locale table.If ?c=FR then locale will be fr-FR and if it is US then locale will be en-US.My code is below.
void Application_BeginRequest(object sender, EventArgs e)
{
LocalizationInfo loc = GetLocalizationInfo();
if (Request.Cookies["Localization"] == null)
Response.Cookies.Add(new HttpCookie("Localization"));
Response.Cookies["Localization"]["Country"] = loc.Country;
CultureInfo objCI = new CultureInfo(loc.Locale);
Thread.CurrentThread.CurrentCulture = objCI;
Thread.CurrentThread.CurrentUICulture = objCI;
}
public static LocalizationInfo GetLocalizationInfo()
{
string countryCode = "";
string sLocale = "";
if (HttpContext.Current.Response.Cookies["Localization"]["Country"] != null)
countryCode = HttpContext.Current.Response.Cookies["Localization"]["Country"];
if (!string.IsNullOrEmpty(HttpContext.Current.Request.QueryString["c"]))
countryCode = HttpContext.Current.Request.QueryString["c"];
if (countryCode == "")
countryCode = "US";
sLocale = HertzRent2Buy.DataProvider.ListData.GetLocale(countryCode);
LocalizationInfo ret = new LocalizationInfo();
ret.Country = countryCode;
ret.Locale = sLocale;
return ret;
}
public struct LocalizationInfo
{
public string Country;
public string Locale;
}
Now when I run the project and in query string I set [URL] then for the very first page(home page itself) it shows me French translation,but on subsequent page,that query string parameter ?c=FR is lost and hence it shows be English translation not French translation since it does not pickup French resx file.If I manually append ?c=FR in subsequent page then it shows the French translation.Is there is way how I can make that query stringparameter available in all pages.Structure is there to hold Country and locale variables. In all pages I am calling GetLocalizationInfo() method as follow
LocalizationInfo info = some.DataProvider.Globalization.GetLocalizationInfo();
And I create instance info to pass locale and country as parameter. GetProductDetails(id,info.Country,info.locale). why my query string parameters get lost on subsequent pages.
View 1 Replies
Nov 1, 2010
How to pass query string from one application to another application, i need to send values through one page of application to another application,I am using inprocess session state.
from loging page i need to send sessions to another applicaion but here sending sessions are some what diffcult (after googling).so is it possible through query strings???if yes How pass them please tell me the sample example.will it be possible through coockies?? or query strings. How
View 6 Replies